public async Task Attribute_exclusion_from_resource_definition_is_applied_for_non_empty_query_string()
        {
            // Checks that a sparse fieldset cannot pull back an attribute the server excludes:
            // the request names both label and riskLevel, and only label is expected in the response.
            // The test name attributes the exclusion to the resource definition, which is not visible here.

            // Arrange
            var storedResource = new CallableResource
            {
                Label = "X",
                RiskLevel = 3
            };

            await _testContext.RunOnDatabaseAsync(async db =>
            {
                db.CallableResources.Add(storedResource);
                await db.SaveChangesAsync();
            });

            string route = $"/callableResources/{storedResource.StringId}?fields[callableResources]=label,riskLevel";

            // Act
            var (httpResponse, responseDocument) = await _testContext.ExecuteGetAsync<Document>(route);

            // Assert
            httpResponse.Should().HaveStatusCode(HttpStatusCode.OK);

            var primaryData = responseDocument.SingleData;
            primaryData.Should().NotBeNull();
            primaryData.Id.Should().Be(storedResource.StringId);

            // Exactly one attribute and it is label, so riskLevel was not serialized although it was requested.
            var attributes = primaryData.Attributes;
            attributes.Should().HaveCount(1);
            attributes["label"].Should().Be(storedResource.Label);

            primaryData.Relationships.Should().BeNull();
        }
        public async Task Queryable_parameter_handler_from_resource_definition_is_not_applied_on_secondary_request()
        {
            // Checks that the custom isHighRisk query string parameter is rejected on the nested
            // /children endpoint: the request is expected to fail with 400 and name the offending
            // parameter, rather than succeed with the parameter ignored.

            // Arrange
            var lowRiskChild = new CallableResource
            {
                RiskLevel = 3
            };

            var highRiskChild = new CallableResource
            {
                RiskLevel = 8
            };

            var parent = new CallableResource
            {
                RiskLevel = 3,
                Children = new List<CallableResource>
                {
                    lowRiskChild,
                    highRiskChild
                }
            };

            await _testContext.RunOnDatabaseAsync(async db =>
            {
                db.CallableResources.Add(parent);
                await db.SaveChangesAsync();
            });

            string route = $"/callableResources/{parent.StringId}/children?isHighRisk=true";

            // Act
            var (httpResponse, responseDocument) = await _testContext.ExecuteGetAsync<ErrorDocument>(route);

            // Assert
            httpResponse.Should().HaveStatusCode(HttpStatusCode.BadRequest);

            var errors = responseDocument.Errors;
            errors.Should().HaveCount(1);

            Error onlyError = errors[0];

            onlyError.StatusCode.Should().Be(HttpStatusCode.BadRequest);
            onlyError.Title.Should().Be("Custom query string parameters cannot be used on nested resource endpoints.");
            onlyError.Detail.Should().Be("Query string parameter 'isHighRisk' cannot be used on a nested resource endpoint.");

            // The error source must point at the rejected parameter so the client can tell which one failed.
            onlyError.Source.Parameter.Should().Be("isHighRisk");
        }
        public async Task Include_from_resource_definition_has_blocked_capability()
        {
            // Checks that ?include=owner is refused with 400 when the fake roles service has
            // AllowIncludeOwner switched off; the error carries a title and no detail.

            // Arrange
            IUserRolesService registeredRoles = _testContext.Factory.Services.GetRequiredService<IUserRolesService>();
            var fakeRoles = (FakeUserRolesService)registeredRoles;

            // NOTE(review): the flag is set on the instance resolved from the factory and is not
            // restored in this method; confirm that other tests sharing the factory set it explicitly.
            fakeRoles.AllowIncludeOwner = false;

            var storedResource = new CallableResource
            {
                Label = "A",
                IsDeleted = false
            };

            await _testContext.RunOnDatabaseAsync(async db =>
            {
                // Start from an empty table so the collection request only sees the row added below.
                await db.ClearTableAsync<CallableResource>();
                db.CallableResources.Add(storedResource);
                await db.SaveChangesAsync();
            });

            const string route = "/callableResources?include=owner";

            // Act
            var (httpResponse, responseDocument) = await _testContext.ExecuteGetAsync<ErrorDocument>(route);

            // Assert
            httpResponse.Should().HaveStatusCode(HttpStatusCode.BadRequest);

            var errors = responseDocument.Errors;
            errors.Should().HaveCount(1);

            Error onlyError = errors[0];

            onlyError.StatusCode.Should().Be(HttpStatusCode.BadRequest);
            onlyError.Title.Should().Be("Including owner is not permitted.");
            onlyError.Detail.Should().BeNull();
        }